diff --git a/Dockerfile b/Dockerfile
index 009f322..703262a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,42 +1,6 @@
-##
-## We are using many RUN blocks in order to make development easier
-## They will replaced with minimal RUN blocks before release
-##
-ARG BUILD_BASE=ubuntu:bionic
+FROM icinga/icinga2-deps
 
-FROM $BUILD_BASE
+COPY --chown=icinga:icinga icinga2-bin/ /
 
-ENV \
- TERM=xterm \
- DEBIAN_FRONTEND=noninteractive \
- APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn
-
-RUN apt-get update \
- && apt-get upgrade -y
-
-RUN apt-get install -y apt-file ; apt-file update
-
-RUN apt-file search lsb_release
-RUN apt-file search lsb-release
-RUN apt-cache search lsb-release
-
-RUN apt-get install -y curl wget gnupg2 lsb-release
-
-RUN curl -LsS https://packages.icinga.com/icinga.key | apt-key add -
-
-RUN DIST="$(lsb_release -c | awk '{print $2}')"; \
- echo "deb http://packages.icinga.com/ubuntu icinga-${DIST} main" >/etc/apt/sources.list.d/icinga.list
-
-RUN apt-get update
-
-RUN apt-get install -y --no-install-recommends icinga2-bin icinga2-common icinga2-ido-mysql monitoring-plugins
-
-RUN rm -fr /var/lib/apt/lists/*
-
-RUN mkdir /run/icinga2 && chown nagios. /run/icinga2
-
-VOLUME /var/lib/icinga2
-
-ENTRYPOINT /usr/lib/x86_64-linux-gnu/icinga2/sbin/icinga2 --no-stack-rlimit daemon
-
-EXPOSE 5665
+USER icinga
+CMD ["icinga2", "daemon"]
diff --git a/Makefile b/Makefile
deleted file mode 100644
index 0aaa85f..0000000
--- a/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-IMAGE := icinga/icinga2:latest
-BUILD_BASE := ubuntu:bionic
-
-all: build
-
-build:
- docker build --rm \
- --build-arg BUILD_BASE=$(BUILD_BASE) \
- --tag $(IMAGE) .
diff --git a/README.md b/README.md
index 18bec82..b6b4fbc 100644
--- a/README.md
+++ b/README.md
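Review bot: `COPY --chown=icinga:icinga icinga2-bin/ /` in the new Dockerfile gives the account that `USER icinga` runs the daemon as ownership of everything installed from icinga2-bin/, binaries and configuration included, so a compromised daemon could rewrite its own executables and config. Consider a plain `COPY icinga2-bin/ /` plus a targeted ownership change, before `USER icinga`, for only the paths the daemon must write, such as `/var/lib/icinga2`; which other directories need it is not visible from this diff. Separately, `FROM icinga/icinga2-deps` has no tag or digest, so every build resolves whatever `latest` currently points at, and the same holds for `FROM icinga/icinga2-builder` in action.Dockerfile. Pinning both, ideally by digest, would tie each published image to a known base.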
@@ -73,12 +73,3 @@ This needs some further research to figure out what would work best for us. Avai Some other condcerns have been brought up that we should keep in mind. One is that long running containers (> 2 Weeks) may become stale and need a restart. It is unclear whether this is an Icinga issue or something else. Another concern is that networking can be a challenge when separating services into separate containers. - -### Development -For easier development and changes of earlier stages the containers will contain lots of `RUN` blocks which is very "not best-practice" in Docker. This will be changed before the first release. - -### Influences -There are many Docker containers for Icinga 2 out in the wild. Most were built to serve a special purpose and might not be fit for what this project is aiming for. Nonetheless the first commits rely heavily on the work of following users: -* [lazyfrosch](https://github.com/lazyfrosch/docker-icinga2) -* [bodsch](https://github.com/bodsch/docker-icinga2) -* [jjethwa](https://github.com/jjethwa/icinga2) diff --git a/action-base.Dockerfile b/action-base.Dockerfile new file mode 100644 index 0000000..e707806 --- /dev/null +++ b/action-base.Dockerfile 
@@ -0,0 +1,39 @@
+FROM buildpack-deps:scm as clone
+SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
+
+RUN mkdir actions ;\
+ cd actions ;\
+ git clone --bare https://github.com/actions/checkout.git ;\
+ git -C checkout.git archive --prefix=checkout/ v2 |tar -x ;\
+ git clone --bare https://github.com/actions/cache.git ;\
+ git -C cache.git archive --prefix=cache/ v2 |tar -x ;\
+ git clone --bare https://github.com/actions/upload-artifact.git ;\
+ git -C upload-artifact.git archive --prefix=upload-artifact/ v2 |tar -x ;\
+ rm -rf *.git
+
+
+FROM debian:buster-slim
+SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update ;\
+ apt-get install --no-install-{recommends,suggests} -y \
+ apt-transport-https gnupg2 dirmngr ca-certificates ;\
+ apt-get clean ;\
+ rm -vrf /var/lib/apt/lists/* ;\
+ apt-key adv --fetch-keys https://download.docker.com/linux/debian/gpg ;\
+ apt-get purge -y gnupg2 dirmngr ;\
+ apt-get autoremove --purge -y
+
+ADD action-base.list /etc/apt/sources.list.d/misc.list
+
+RUN apt-get update ;\
+ apt-get install --no-install-{recommends,suggests} -y \
+ bison cmake docker-ce-cli flex g++ \
+ libboost{,-{context,coroutine,date-time,filesystem,program-options,regex,system,thread}}1.67-dev \
+ libedit-dev libmariadbclient-dev libpq-dev libssl-dev make nodejs ;\
+ apt-get install --no-install-{recommends,suggests} -y ccache ;\
+ apt-get clean ;\
+ rm -vrf /var/lib/apt/lists/*
+
+COPY --from=clone /actions /actions
diff --git a/action-base.list b/action-base.list
new file mode 100644
index 0000000..6b92268
--- /dev/null
+++ b/action-base.list
@@ -0,0 +1,2 @@
+deb http://deb.debian.org/debian buster-backports main
+deb [arch=amd64] https://download.docker.com/linux/debian buster stable
diff --git a/action.Dockerfile b/action.Dockerfile
new file mode 100644
index 0000000..b1a762b
--- /dev/null
+++ b/action.Dockerfile
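Review bot: In action-base.Dockerfile the clone stage archives `v2` from actions/checkout, actions/cache and actions/upload-artifact, a ref that upstream can move, and action.bash later runs that code with `node` in the same environment that carries `DOCKER_HUB_PASSWORD`. Archiving a reviewed full commit SHA keeps the bundled code fixed between image rebuilds, e.g. `git -C checkout.git archive --prefix=checkout/ <CHECKOUT_COMMIT_SHA> |tar -x` (placeholder), and likewise for the other two repositories. In the second stage, `ADD action-base.list …` copies a plain local file, so `COPY` is the more explicit instruction there.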
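Review bot: The `download.docker.com` entry in action-base.list depends on the key that action-base.Dockerfile imports with `apt-key adv --fetch-keys`, which goes into apt's global keyring and is therefore trusted for every configured source, the Debian ones included. Scoping it with `signed-by` limits that key to the Docker repository: `deb [arch=amd64 signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/debian buster stable` (the keyring path is an example; the Dockerfile would have to store the key there instead of calling apt-key). The fetched key is also never compared with a known fingerprint, so its authenticity rests on the TLS download alone.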
@@ -0,0 +1,5 @@
+FROM icinga/icinga2-builder
+
+COPY action.bash Dockerfile /
+
+CMD ["/action.bash"]
diff --git a/action.bash b/action.bash
new file mode 100755
index 0000000..42070b9
--- /dev/null
+++ b/action.bash
@@ -0,0 +1,81 @@
+#!/bin/bash
+set -exo pipefail
+
+TARGET=icinga/icinga2
+
+cache () {
+ INPUT_KEY=docker-image/ccache INPUT_PATH=ccache \
+ STATE_CACHE_KEY=1 STATE_CACHE_RESULT=2 \
+ node "/actions/cache/dist/${1}/index.js"
+}
+
+mkimg () {
+ test -n "$TAG"
+
+ node /actions/checkout/dist/index.js |grep -vFe ::add-matcher::
+ cache restore
+
+ export PATH="/usr/lib/ccache:$PATH"
+ mkdir -p ccache
+ ln -vs "$(pwd)/ccache" ~/.ccache
+
+ mkdir icinga2-bin
+ mkdir build
+ cd build
+
+ cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_SYSCONFDIR=/etc \
+ -DCMAKE_INSTALL_LOCALSTATEDIR=/var -DICINGA2_RUNDIR=/run \
+ -DICINGA2_SYSCONFIGFILE=/etc/sysconfig/icinga2 -DICINGA2_WITH_{COMPAT,LIVESTATUS}=OFF ..
+
+ make
+ make test
+
+ make install "DESTDIR=$(pwd)/../icinga2-bin"
+
+ cd ..
+
+ rm icinga2-bin/etc/icinga2/features-enabled/mainlog.conf
+
+ cache save
+ docker build -f /Dockerfile -t "${TARGET}:$TAG" .
+
+ STATE_isPost=1 node /actions/checkout/dist/index.js
+
+ docker save "${TARGET}:$TAG" |gzip >docker-save.tgz
+ INPUT_NAME=docker-image INPUT_PATH=docker-save.tgz node /actions/upload-artifact/dist/index.js
+ rm docker-save.tgz
+}
+
+push () {
+ test -n "$TAG"
+
+ if [ "$(tr -d '\n' <<<"$DOCKER_HUB_PASSWORD" |wc -c)" -gt 0 ]; then
+ docker login -u icingaadmin --password-stdin <<<"$DOCKER_HUB_PASSWORD"
+ docker push "${TARGET}:$TAG"
+ docker logout
+ fi
+}
+
+case "$GITHUB_EVENT_NAME" in
+ pull_request)
+ grep -qEe '^refs/pull/[0-9]+' <<<"$GITHUB_REF"
+ TAG="pr$(grep -oEe '[0-9]+' <<<"$GITHUB_REF")"
+ mkimg
+ ;;
+ push)
+ grep -qEe '^refs/heads/.' <<<"$GITHUB_REF"
+ TAG="$(cut -d / -f 3- <<<"$GITHUB_REF")"
+ mkimg
+ push
+ ;;
+ release)
+ grep -qEe '^refs/tags/v[0-9]' <<<"$GITHUB_REF"
+ TAG="$(cut -d v -f 2- <<<"$GITHUB_REF")"
+ mkimg
+ push
+ ;;
+ *)
+ echo "Unknown event: $GITHUB_EVENT_NAME" >&2
+ false
+ ;;
+esac
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..29ba6af
--- /dev/null
+++ b/action.yml
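Review bot: In the `push)` arm of the case statement in action.bash, `TAG` is the raw branch name and is pushed into the same `icinga/icinga2` repository that release tags use, so a branch named like a version (the `release)` arm turns `v<version>` into `<version>`) would publish over the release image of that name. A branch name containing `/` also produces a string Docker does not accept as a tag, which would fail at `docker build -t`. One option is to namespace and normalise branch builds, e.g. `TAG="branch-$(cut -d / -f 3- <<<"$GITHUB_REF" |tr / -)"`; another is to publish only from an explicit list of branches.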
@@ -0,0 +1,4 @@
+name: Icinga 2 Docker image
+runs:
+ using: docker
+ image: action.Dockerfile
diff --git a/deps.Dockerfile b/deps.Dockerfile
new file mode 100644
index 0000000..1173dd5
--- /dev/null
+++ b/deps.Dockerfile
@@ -0,0 +1,5 @@
+FROM debian:buster-slim
+
+RUN ["/bin/bash", "-exo", "pipefail", "-c", "apt-get update; apt-get install --no-install-{recommends,suggests} -y libboost-{context,coroutine,date-time,filesystem,program-options,regex,system,thread}1.67 libedit2 libmariadb3 libpq5 libssl1.1; apt-get clean; rm -vrf /var/lib/apt/lists/*"]
+
+RUN ["adduser", "--system", "--group", "--home", "/var/lib/icinga2", "--disabled-login", "--force-badname", "--no-create-home", "icinga"]
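Review bot: The `adduser` call in deps.Dockerfile lets the system choose the numeric id for `icinga`, so the UID behind `USER icinga` in the main Dockerfile can shift when the base image or the installed package set changes. That makes ownership of persisted `/var/lib/icinga2` data unstable across image versions, and runtimes that enforce non-root by numeric id cannot check a name-only user. Adding `"--uid", "<FIXED_UID>"` (placeholder value) to the argument list would pin it.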